Cryptanalysis of Stream Cipher COS (2, 128) Mode I
Filiol and Fontaine recently proposed a family of stream ciphers named COS. COS is based on nonlinear feedback shift registers and was claimed to be highly secure. Babbage showed that COS (2, 128) Mode II is extremely weak. But Babbage’s attack is very expensive to break the COS (2, 128) Mode I (the complexity is around 252). In this paper, we show that the COS (2, 128) Mode I is very weak. Secret information could be recovered easily with about 216-bit known plaintext.
Unable to display preview. Download preview PDF.
- 1.S.H. Babbage, “The COS Stream Ciphers are Extremely Weak”, http://eprint.iacr.org/2001/078/
- 2.S.H. Babbage, “Cryptanalysis of the COS (2, 128) Stream Ciphers”, http://eprint.iacr.org/2001/106/
- 3.E. Filiol and C. Fontaine, “A New Ultrafast Stream Cipher Design: COS Ciphers”, http://www-rocq.inria.fr/codes/Eric.Filiol/English/COS/COS.html
- 4.E. Filiol and C. Fontaine, “A New Ultrafast Stream Cipher Design: COS Ciphers”, in Proceedings of the 8th IMA Conference on Cryptography and Coding, LNCS 2260, pp. 85–98.Google Scholar
- 5.E. Filiol, “COS Ciphers are not “extremely weak” ! — the Design Rationale of COS Ciphers”, http://eprint.iacr.org/2001/080/